Hi.
Today we have investigations sent via webhook; however, the information that is included in the webhook is very minimal. Is there a way to add more data that is sent via webhooks?
Hi antmar904,
An approach you could use here is to take the investigation RRN from the webhook and then pull in the other fields that you need from the investigations API. No plans at the moment to add more fields to the webhook.
Darragh
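The enrichment approach described above, sketched as an added example (not code from this thread or from the vendor). The API base URL is a placeholder, and the `X-Api-Key` header name, the webhook field names and the RRN shape check are assumptions to adjust for your tenant.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumptions (not from the thread): placeholder API base URL, the "X-Api-Key"
# header name, the webhook field names tried below, and the loose RRN shape.
API_BASE = "https://api.example.invalid/investigations/"
RRN_FIELDS = ("rrn", "investigation_rrn", "source_ref")
RRN_SHAPE = re.compile(r"rrn:[A-Za-z0-9:_\-]{1,200}")


def extract_rrn(webhook_body: bytes) -> str:
    """Pull the investigation RRN out of the webhook JSON and validate its shape."""
    payload = json.loads(webhook_body)
    if not isinstance(payload, dict):
        raise ValueError("webhook body is not a JSON object")
    for field in RRN_FIELDS:
        value = payload.get(field)
        if isinstance(value, str) and RRN_SHAPE.fullmatch(value):
            return value
    raise ValueError("no well-formed RRN in webhook payload")


def http_fetch(url: str, api_key: str) -> dict:
    """Default fetcher: authenticated GET returning parsed JSON."""
    req = urllib.request.Request(url, headers={"X-Api-Key": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def enrich(webhook_body: bytes, api_key: str, fetch=http_fetch) -> dict:
    """Return the webhook payload merged with the full investigation record."""
    rrn = extract_rrn(webhook_body)
    # Percent-encode the RRN so webhook-supplied text cannot alter the URL path.
    url = API_BASE + urllib.parse.quote(rrn, safe="")
    details = fetch(url, api_key)
    event = json.loads(webhook_body)
    # Webhook fields win on conflict; API fields fill in what the webhook lacks.
    return {**details, **event, "rrn": rrn}


# Constructed sample webhook body, not real product output.
SAMPLE_WEBHOOK = b'{"rrn": "rrn:investigation:us:0000:investigation:ABC123", "title": "Sample"}'
```

Because the webhook body is untrusted input, the RRN is shape-checked and percent-encoded before it is placed in the request URL.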
Hi Darragh.
I am aware of the API but that is not the route we want to go. It’s unfortunate as most SIEMs include much more detailed info in webhooks.
Thank you for the response.
I’ve noticed this, and more and more it’s becoming a pain. If you have an investigation triggering a workflow in ICON, it doesn’t even provide the RRN or ID natively. The webhook seems to be the cleanest way of getting an RRN, but then you don’t have the information for the investigation.
I use the webhook as a clean source_ref for object structure… but otherwise you need to use it to only get the source_ref and then build on that to create your own custom object.